Results 1 to 17 of 17
  1. #1

    Some ip opeing 500 page in 10 second, DDOS..?

    hi guys,
    i am in shared hosting and logged in histats to check the today stats, suddenly from one ip, 400 and increasing pages opened in 8 to 10 seconds..

    then i contacted server admin, he is offline, so i blocked that ip in cloudflare, after that page opening stopped


    is it ddos..??
    that ip is 108.163.156.213

    any suggestion is welcome, i am weird
    Simple and awesome
    Google

  2. #2
    Join Date
    Dec 2011
    Location
    Germany
    Posts
    1,180
    Could be HTTP flood, but if it was just a single IP or only a few ones, I rather think it's a spambot/scraper or similar, even though a good DDoS protection could block this as well. The IP is already listed on Project Honey Pot: https://www.projecthoneypot.org/ip_108.163.156.213
    Inbound Marketing & real SEO for web hosting providers
    ✎ Get in touch with me: co<at>infinitnet.de

  3. #3
    just a single that ip, but after banning (using cloudflare) it stopped, but if i remove the from cloudflare blocklist in cloudflare means, then it continue to open lot of page, i am not able to identitfy.

    where to complain..?? i have to send abuse report to that datacenter..??

    don't know what to do
    Simple and awesome
    Google

  4. #4
    You obviously did the right thing by blocking it using CloudFlare. Like the previous poster said, since its listed on Project Honey Pot, its most likely a spam bot of some sort.

    EDIT:
    Having the host/data center block the IP won't really do much. There are hundreds of spam bots on hundreds of IPs.

  5. #5
    Join Date
    Dec 2011
    Location
    Germany
    Posts
    1,180
    Quote Originally Posted by feastboy View Post
    just a single that ip, but after banning (using cloudflare) it stopped, but if i remove the from cloudflare blocklist in cloudflare means, then it continue to open lot of page, i am not able to identitfy.

    where to complain..?? i have to send abuse report to that datacenter..??

    don't know what to do
    Yes, the only thing you can do in this case is to send an abuse to the datacenter and block the IP. Usually such bots are hosted in datacenters that don't care too much about abuse mails though.
    Inbound Marketing & real SEO for web hosting providers
    ✎ Get in touch with me: co<at>infinitnet.de

  6. #6
    Join Date
    Jan 2002
    Location
    Ohio
    Posts
    3,155
    Keep it blocked, and move on. I find trying to report abusive IPs to their upstream to be useless most of the time.
    Don't like what I say? Ignore me.

  7. #7
    Thanks guys for your words,
    any script for sites hosted in shared hosting about reporting this type to user ..??

    (i am using wordpress)
    Simple and awesome
    Google

  8. #8
    Try WordFence, I have it installed and I've never had any issues with attacks.

  9. #9
    I think you're referring to blacklists such as the Honeypot project. I'm sure that IP has already been submitted to the major ones. So in other words, there isn't much you have to do at this point.

  10. #10
    Join Date
    Oct 2012
    Location
    Canada
    Posts
    3,064
    That seems like your everyday HTTP attack, you can just block it with .htaccess if you want but CloudFlare is the better option.
    TrentaHost INC. || Fully Managed DDoS Protected Services Globally (NA - EU - Asia)
    Reseller Hosting- Pure SSD | Litespeed | Imunify360 | CloudLinux | 24x7 Support | Mailchannels
    Linux & Windows DDoS Protected SSD VPS - cPanel / WHM | DDoS Protection | Let's Encrypt | Pure-SSD
    DDoS Protected Locations : Portland, OR (North America) | Amsterdam, NL (Europe) | Singapore (Asia)

  11. #11
    After 10 minutes same type of opening pages from 3 more ip..

    173.252.102.113
    173.252.102.115
    69.171.245.2

    i blocked these 3 too in cloudflare.

    @Buycpanel-Kevin
    installing that plugin now
    Simple and awesome
    Google

  12. #12
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    Quote Originally Posted by feastboy View Post
    After 10 minutes same type of opening pages from 3 more ip..

    173.252.102.113
    173.252.102.115
    69.171.245.2

    i blocked these 3 too in cloudflare.

    @Buycpanel-Kevin
    installing that plugin now
    Welcome to the internet.

    Contrary to popular belief it's a very hostile place.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  13. #13
    Join Date
    Oct 2013
    Location
    Hong Kong
    Posts
    14
    Call the hosting company support to add some auto ban script in the server.

  14. #14
    Join Date
    Jul 2012
    Location
    Charlotte, NC, US
    Posts
    513
    I would recommend to use projecthoneypot module/plugin/custom code to protect your account from such DDOS. This will protect your shared hosting account from over utilization of resources.
    ⓐ➒AlphaNine
    Shared hosting | cPanel/WHM reseller | KVM VPS | Dedicated Servers | SSL | VoIP | Management |
    99.9% uptime | 24/7 Support | Easy Control Panels | Operating Since 2000 |

  15. #15
    Join Date
    Jul 2011
    Posts
    96
    Perhaps a crawler of some sort or it could be a L7 flood.

  16. #16
    Join Date
    Aug 2010
    Location
    Sorting Office
    Posts
    9,530
    Quote Originally Posted by feastboy View Post
    After 10 minutes same type of opening pages from 3 more ip..

    173.252.102.113
    173.252.102.115
    69.171.245.2

    i blocked these 3 too in cloudflare.
    Those IPs belong to Facebook. Are you running an app or plugin that connects to Facebook?

  17. #17
    Join Date
    Jul 2012
    Location
    Charlotte, NC, US
    Posts
    513
    Ah you should check with your scripting once may be there is a loop request coming from Facebook. If you are you such apps connecting facebook

Similar Threads

  1. DDoS attack - 500 internal server error
    By DewlanceHosting in forum Hosting Security and Technology
    Replies: 12
    Last Post: 08-11-2011, 04:02 PM
  2. Cpanel Suspended page error 500
    By Alex597 in forum Hosting Software and Control Panels
    Replies: 2
    Last Post: 04-09-2010, 09:00 PM
  3. 500+ ip DDoS-ing my vps
    By newbie_security in forum VPS Hosting
    Replies: 7
    Last Post: 02-07-2010, 10:18 PM
  4. 3,500+/day Page Views - Starting @ $2.25
    By gilbert in forum Advertising Offers
    Replies: 0
    Last Post: 11-23-2005, 11:52 AM
  5. ADVERTISING - 500,000 Page Views A Week - $25
    By Duncan_Elude in forum Other Offers & Requests
    Replies: 7
    Last Post: 02-01-2003, 05:52 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •